Method for deterring snooping of data in digital data processing systems

ABSTRACT

A physical latching mechanism prevents access to or tampering with an I/O port of a computer system. In the preferred embodiment, a display monitor cable of an unattended workstation being operated remotely is disconnected and latched to prevent re-connection and display of remote activity. The latch includes a first latch which locks the cable to the workstation system unit, and a second latch which blocks the open end of the cable. Each latch preferably a pair of L-shaped members which engage each other in a nested fashion, one being attached to a cable coupling while the other is connected to the system unit or is used to block the cable open end. The members are locked by engagement means at one end and a padlock at the other.

CROSS REFERENCE TO RELATED APPLICATION

This is a divisional application of U.S. patent application Ser. No.10/051,578, filed Jan. 18, 2002, now U.S. Pat. No. 7,083,438, entitled“METHOD AND APPARATUS FOR DETERRING SNOOPING OF DATA IN DIGITAL DATAPROCESSING SYSTEMS”, which is herein incorporated by reference.

FIELD OF THE INVENTION

The present invention relates to digital data processing devices, and inparticular to protection of data stored in or processed by digital dataprocessing devices.

BACKGROUND OF THE INVENTION

In the latter half of the twentieth century, there began a phenomenonknown as the information revolution. While the information revolution isa historical development broader in scope than any one event or machine,no single device has come to represent the information revolution morethan the digital electronic computer. The development of computersystems has surely been a revolution. Each year, the declining pricesand expanding capabilities of computers and other digital technologycause them to be used in new and varied applications, and to process andstore more user data.

The reduced cost of computing and the general availability of digitaldevices has brought an explosion in the volume of information stored insuch devices. With so much information stored in digital form, it isnaturally desirable to obtain wide access from computer systems. As aresult, most computer systems are linked to other computer systems viaany of various networks. It is not uncommon for a single computer systemto have multiple network attachments. For example, the computer may belinked to the Internet, and the same time that it is linked to severalcomputers within a business entity or other organization by a local areanetwork. Additionally, a mainframe type computer may be linked tomultiple workstations, any of which may additionally have links toexternal systems. Information is thus made available to many systems andlocations remote from the actual system in which the information isstored and maintained.

Although it is obviously desirable in many cases to make informationfrom one system available remotely to other systems, to do so createsnumerous potential security exposures. The potential exposure increasesas systems become more remote, i.e., as the number of intermediateconnections from one system to another increase. For example, in thecase of the Internet, information requested by a client from a servermay pass through numerous intermediary systems during transmission. Insuch an anonymous world, it becomes difficult to verify the identitiesor authorities of participants, the ultimate destination of information,and whether other parties are snooping. A security exposure at any partof the path potentially exposes the information.

The problem of protecting digital information from corruption by orexposure to unauthorized parties can be likened to an arms race. In thisarms race, new technological developments which expand the capabilitiesof digital data systems also create potential new security exposures.These exposures are often little appreciated or understood by thedevelopers of new technology, but left unattended will eventually beexploited by clever and unscrupulous interlopers. Those who developcountermeasures to protect system integrity are constantly striving tokeep up with the potential exposures and the ingenuity of theinterlopers. In some cases, countermeasures themselves involveextraordinary technological complexity and consequent developmenteffort. However, in many others, the countermeasure is itselftechnologically simple, and the difficulty in developing it lies infirst appreciating the nature of the security exposure.

Security exposures and their countermeasures can be classified broadlyin two categories: data security and physical security. In general, datasecurity involves the use of data as a tool by the interloper to performsome unauthorized act, while physical security involves a physicalaccess, sometimes using a special purpose eavesdropping device. E.g., aninterloper who uses conventional hardware such as a remote computerterminal attached to a network or to a larger system to enter data insuch a manner as to enable him to perform an unauthorized act hasbreached data security. An interloper who gains unauthorized physicalaccess to the system, by obtaining access to a secure area or by openinga physical lock on a system component, has breached physical security.

While a great deal of effort has been put into the development ofimproved data security techniques, these can be rendered useless bysimple breaches in physical security. For example, a system may haveevery sophistication to prevent a data security breach from a remoteterminal, and yet if a person can simply walk into the building and roomwhere the main system is located and access information from a systemconsole, from storage media, or otherwise, system security is seriouslyimpaired. All too often, attention is focused on the data securityaspect to the neglect of simple physical security.

One form of physical security exposure is created when using any ofvarious remote workstation control software applications. Theseapplications allow a user to take control of a workstation, such as apersonal computer, from a remote location. Such applications are usefulfor debugging workstation or network problems, for downloading andsetting up applications on the workstation, and for simply accessingdata and performing work using the workstation from a remote location,where the remote location may be an alternate workplace of the user, amobile computing device, or a temporary work location. When using suchan application, the workstation is not necessarily attended, and may belocated in an unsecure area. In these circumstances, any unauthorizedperson could simply watch the user's activity on the workstation displaymonitor. It is even possible that someone might attach a snooping orrecording device to the monitor output port of the workstation. Someremote workstation control applications attempt to blank the displayscreen of the workstation, but these are not necessarily effective forall workstation configurations; other such applications do not evenattempt to blank the screen.

A need exists for improved techniques and devices which prevent exposureof data in an unattended workstation operating under control of a remoteworkstation control application. Furthermore, a more general need existsfor improved techniques and devices for enhancing physical security ofdata transmitted on I/O ports and cables of unattended systems.

SUMMARY OF THE INVENTION

Various aspects of the present invention involve the use of a physicallatching mechanism which prevents access to or tampering with an I/Oport of a computer system.

In a first aspect, a display monitor output cable running between aworkstation and its display monitor is disconnected and a physicallatching mechanism prevents re-connection of the cable and access to themonitor output port of the workstation. In the preferred embodiment, thelatching mechanism supports operation of the workstation unattendedwhile under control of a remote workstation control application.Preferably, the monitor cable is detached at an intermediate coupling, afirst latch is installed at the coupling between the monitor output portof the system and the monitor cable to prevent detachment of the cable,and a second latch is installed over the open end of the monitor cableto prevent attachment of any device to the open end.

In a second aspect, a latching mechanism prevents physical disengagementof an I/O cable from an I/O port. In the preferred embodiment, thelatching mechanism comprises a pair of L-shaped members, one of which isattached to the port coupling while the other is connected to the cablecoupling, and which engage each other in a nested fashion and arelatched by a padlock passing through respective holes in each member atone end thereof. Preferably, this latching mechanism can be retro-fittedto an existing I/O port and cable using a standard D-shell coupling.

In a third aspect, a latching mechanism prevents physical engagement ofan open end of an I/O cable. In the preferred embodiment, the latchingmechanism comprises a pair of L-shaped members, one of which is attachedto the cable coupling while the other contains a substantially solidface blocking the mating area of the cable, and which engage each otherin a nested fashion and are latched by a padlock passing throughrespective holes in each member at one end thereof.

The details of the present invention, both as to its structure andoperation, can best be understood in reference to the accompanyingdrawings, in which like reference numerals refer to like parts, and inwhich:

BRIEF DESCRIPTION OF THE DRAWING

FIG. 1 is a high-level diagram of a workstation in a networkedenvironment, suitable for latching a data cable, according to thepreferred embodiment of the present invention.

FIGS. 2A and 2B represent the operational configurations of a latchingmechanism for a data cable, according to the preferred embodiment.

FIG. 3 is an orthogonal 3-view drawing of a first L-shaped piece of alatching mechanism for a data cable, according to the preferredembodiment.

FIG. 4 is an orthogonal 3-view drawing of a second L-shaped piece of alatching mechanism for a data cable, according to the preferredembodiment.

FIG. 5 is an orthogonal 3-view drawing of a third L-shaped piece of alatching mechanism for a data cable, according to the preferredembodiment.

FIG. 6 illustrates a latching mechanism using two L-shaped pieces whichlatches a data cable to a data port, according to the preferredembodiment.

FIG. 7 illustrates a latching mechanism using two L-shaped pieces whichlocks the open end of a data cable, according to the preferredembodiment.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

Referring to the Drawing, wherein like numbers denote like partsthroughout the several views, FIG. 1 is a high-level block diagram of aworkstation 100 in a networked computing environment, suitable forlatching a data cable in accordance with the preferred embodiment of thepresent invention. Workstation 100 comprises system unit 101, which is ahousing containing various electronic components, and a physicallyseparate display monitor 102. The display monitor and system unit arecoupled to each other by display monitor data cable 103. Additional I/Odevices, such as keyboard 104 and mouse 105, are also attached to systemunit 101 via respective cables. System unit 101 contains the key dataprocessing components of workstation 101, including central processingunit (CPU) 106; main memory 107; mass data storage unit 108; I/O portsdrivers 109 for driving communications with I/O devices, such as monitor102, keyboard 104 and mouse 105; network interface 110 for communicatingwith other computer systems, and communications bus 111. CPU 106 is ageneral-purpose programmable processor, executing instructions stored inmemory 107; while a single CPU is shown in FIG. 1, it should beunderstood that workstations having multiple CPUs could be used. Memory107 is a random-access semiconductor memory for storing data andprograms; memory is shown conceptually as a single monolithic entity, itbeing understood that memory is often arranged in a hierarchy of cachesand other memory devices. Communications bus 111 supports transfer ofdata, commands and other information between different components ofworkstation 100; while shown in simplified form as a single bus, it maybe structured as multiple buses, and may be arranged in a hierarchicalform. Display 102 is typically a cathode-ray tube display, althoughother display technologies may be used. Storage 108 is typically one ormore rotating magnetic hard disk drives, although other data storagedevices could be used.

Network interface 110 provides a connection to a network of computersystems, represented by devices 120–122. Such an interface may be aremote connection through the Internet, or a local area network such asan Ethernet or token ring network, or a mainframe terminal channelinterface, such as might be used to connect multiple workstations to asingle larger mainframe computer used as a server. Many other types ofinterface are possible. In physical form, the network connection istypically a wired connection, although it could be any of various formsof wireless connection such as radio frequency, optical link, etc. Thenetwork is represented conceptually in FIG. 1 by mainframe system 120,workstations 121, and portable device 122. These devices may be incommunication with one another via any available network technology orprotocol, and not all devices need use the same technology or protocol.While one a small number of devices is represented in FIG. 1, it will beunderstood that a network may contain a very large number of devices,and may contain devices of types not represented in FIG. 1.

Workstation 100 will typically be any of various models of single-usercomputer systems known as “personal computers”. The representation ofFIG. 1 is intended as an exemplary simplified representation, it beingunderstood that many variations in system configuration are possible inaddition to those mentioned here, and that other and additional devicesnot shown may be attached to or contained within workstation 100.Furthermore, a workstation according to the present invention need notbe a personal computer system, and may be a so-called dumb terminalattached to a mainframe, a high-performance terminal, a special-purposedevice, or any of various hardware variations.

In accordance with the preferred embodiment, workstation 100 is, atleast some of the time, operated in a remote, unattended mode. In thismode, system unit 101 is powered on and processor 106 can executeinstructions to process data within workstation 100 in much the samemanner as if a user were locally attending the workstation. The userinteracts with workstation 100 remotely through another system orterminal. Such a system or terminal could be any of workstations 121 orportable device 122, or some other device not shown in FIG. 1. Remoteworkstation control application software resident in workstation 100,system 120, and/or workstations/terminals 121,122 allows the remoteworkstation or terminal at which the user is located to effectivelycontrol the operation of workstation 100. I.e., data input by the userat the remote location is transmitted over the network to workstation100, being treated similarly to data which may be input from any localinput device, such as keyboard 104 or mouse 105. Output is similarlytransmitted over the network to the remote location.

One of the problems with remote workstation control application softwareis that, as a result of various hardware and software architecturalfeatures, display screen output of workstation 100 is not only sent tothe remote user over the network, but often simultaneously transmittedto display 102. It is difficult for the remote workstation controlapplication to guarantee in all configurations and circumstances thatscreen output will not be displayed on display 102 when operating inremote mode. In accordance with the preferred embodiment of the presentinvention, this potential security exposure is alleviated by physicallylatching the display data cable.

FIGS. 2A and 2B represent the operational configurations of a latchingmechanism for data cable 103, according to the preferred embodiment.Preferably, data cable 103 comprises two separable segments 201, 202,which are joined by a coupling. Segment 201 is connected to system unit101, and segment 202 is connected to monitor 102. In bothconfigurations, a latch 203 latches segment 201 to system unit 101, andprevents disconnection of segment 201 from system unit 101.

FIG. 2A represents the configuration of data cable 103 and latchingmechanism when workstation 100 is being operated by a user at thephysical location of the workstation. In this case, it is desirable toprovide a data connection between system unit 101 and monitor 102 sothat the user can see the monitor display. Segment 201 and 202 arecoupled to each other to form an electrically continuous connection.

FIG. 2B represents the configuration of data cable 103 and latchingmechanism for operating workstation 100 in an unattended mode from aremote location using a remote workstation control application. In thisconfiguration, segment 201 is disconnected from segment 202. A latch 204attaches to the free end of segment 201 after disconnecting segment 202.Latch 204 effectively covers the free end of segment 201 and preventsconnection of segment 202, or any other device, to the free end ofsegment 201.

While it would alternatively be possible to use a single-piececontinuous data cable 103 instead of segments 201, 202, and, in theunattended mode configuration, to detach the cable from monitor 102 andattach latch 204 to the free end of the cable, or to detach the cablefrom system unit 101 and attach latch 204 to the system unit port, theuse of a segmented cable is preferred for two reasons. Many monitors andsystem units are installed with the cable connections in an inconvenientarea because the connections are rarely uncoupled; using a segmentedcable allows the user to locate the segment-to-segment coupling in aconvenient location. Secondly, some monitors have a permanently attachedcable, or the portion of latch 204 which is intended to be permanentlyaffixed to the cable coupling might interfere with some monitorcouplings.

In the preferred embodiment, each latch 203 and 204 comprises a pair ofL-shaped members which, when assembled in a locked configuration, arenested within each other. The L-shaped members are formed of steel,although other materials might be used. The members are relatively flat,elongated bars which are bent to proper shape, and in which holes,notches, radii, and so forth are cut. In the preferred embodiment, threedifferent types of L-shaped member are used.

FIG. 3 is an orthogonal 3-view drawing of a first type of L-shapedmember 301 of a latching mechanism for a data cable, according to thepreferred embodiment. Member 301 is used in both latch 203 which latchesthe cable to the data port, and in latch 204 which latches the open endof the cable. One major leg 302 of member 301 contains a rectangularhole 304 for the various electrical pins of the cable coupling. Oneither side of the rectangular hole are a pair of holes 305 for screws.The other major leg 303 contains a single round hole 306 at the far endthereof. Hole 306 is designed to receive the locking bar of aconventional padlock. At the end of major leg 302 is a short orthogonalleg 307, also containing a small rectangular hole 308. Hole 308 isdesigned to engage with a projection of another L-shaped member of thelatching mechanism.

FIG. 4 is an orthogonal 3-view drawing of a second type of L-shapedmember 401 of a latching mechanism for a data cable, according to thepreferred embodiment. In the preferred embodiment, member 401 is usedonly in latch 203 which latches the cable to the data port. Like member301, member 401 contains a major leg 402 having a rectangular hole 404for the various electrical pins of the cable coupling, and a pair ofscrew holes 405 on either side of rectangular hole 404. The other majorleg 403 contains a single round hole 406 at the far end thereof, forreceiving the locking bar of a conventional padlock. At the end of majorleg 402 is a projection 407, which is designed to project intorectangular hole 308 of member 301, thus engaging member 301, when in alocked configuration.

FIG. 5 is an orthogonal 3-view drawing of a third type of L-shapedmember 501 of a latching mechanism for a data cable, according to thepreferred embodiment. In the preferred embodiment, member 501 is usedonly in latch 204 which latches the open end of cable segment 201.Member 501 contains major legs 502 and 503. Leg 503 contains a singleround hold 504 at the far end thereof, for receiving the locking bar ofa conventional padlock. At the end of major leg 502 is a projection 505,which is designed to project into rectangular hole 308 of member 301,thus engaging member 301, when in a locked configuration. It will beobserved that member 501 is similar to member 401, except that it lacksholes 404 and 405 in major leg 502, and thus serves to block access toelectrical connector pins.

In accordance with the preferred embodiment, latching mechanisms 203 and204 are retro-fitted to standard port and cable hardware using standardscrews and a conventional padlock, without any machining, cutting,drilling, shaping, molding or other permanent modification required tothe hardware. The latching mechanisms may be subsequently removed andthe hardware restored to its original state.

FIG. 6 illustrates latching mechanism 203 in a locked configuration,according to the preferred embodiment. In this embodiment, latchingmechanism 203 latches a coupling 601 of data cable segment 201 to themonitor output port of system unit 101. In order to attach latchingmechanism 203, a pair of threaded studs (not shown) on either side ofthe monitor output port on system unit 101 are removed by unscrewing.Latch member 301 is then attached to system unit 101 by running twoshallow head screws 602 through holes 305 in member 301 and screwingscrews 602 into the threaded holes from which the studs were removed.Similarly, a pair of long screws (not shown) are removed from throughholes 603 in coupling 601. Latch member 401 is then attached to couplingby running two shallow screws 604 through holes 405 in member 401, andscrewing screws 604 into through holes 603. Although holes 603 are notthreaded, the coupling is typically made of a somewhat elastic moldedplastic material, into which screws 604 of a suitable size will threadthemselves. It is preferred that screws 602 and 604 have round headswith Allen, spline or star type engagement holes in the center, whichmake it almost impossible in the small available clearance area toremove the screws when in a locked configuration. Slotted screws havingflat, countersunk heads provide greater clearance for cable hardware (ifneeded) and are also virtually impossible to remove with the latchengaged.

L-shaped members 301 and 401 are attached to system unit 101 andcoupling 601 respectively with screws 602 and 604 before engaging thelock mechanism, and are intended to be left in place even if the cableis disconnected from the system unit temporarily (e.g., to move theunits or for other maintenance). To lock the cable to the system unit,projection 407 of member 401 is inserted into hole 308 of member 301,and the coupling is plugged into the mating system unit port connectorwith a slight turning motion. Padlock 605 is then inserted through holes306, 406 in the L-shaped members and locked, preventing disengagement.

FIG. 7 illustrates latching mechanism 204 in a locked configuration,according to the preferred embodiment. In this embodiment, latchingmechanism 204 latches an open and unattached coupling 701 of data cablesegment 201 to prevent attachment of a device or cable to the open end.In order to attach latching mechanism 204, a pair of long screws (notshown) are removed from through holes 703 in coupling 701. Latch member301 is then attached to coupling 701 by running two shallow screws 702through holes 305 in member 301, and screwing screws 702 into throughholes 703. Screws 702 preferably have round heads with Allen, spline orstar type engagement holes in the center to make removal while lockednearly impossible.

L-shaped member 301 is attached to coupling 701 with screws 702 beforeengaging the lock mechanism, and is intended to be left in place whenthe cable segments 201 and 202 are connected as shown in FIG. 2A. Toengage latch 204, projection 505 of member 501 is inserted into hole 308of member 301, and holes 306 and 504 are aligned. Padlock 704 is theninserted through holes 306, 504 and locked, preventing disengagement.

Since latch 204 which covers the open cable end has greater clearancearea in the vicinity of the coupling than latch 203, several alternativevariations are possible. For example, the open end could be covered byattaching L-shaped member 401 to coupling 701 in exactly the same manneras the attachment of member 401 to coupling 601 in FIG. 6, and byengaging and latching a second L-shaped member to member 401 in the samemanner as shown in FIG. 6. This second L-shaped member would beidentical to member 301, except that it would not have holes 304 and305, and would instead have a solid leg 302. Furthermore, it will beobserved that, in the case of latch 203, the use of an L-shaped memberlocates the padlock a sufficient distance from the system unit to allowclearance, but that such an extension is not necessary in the case latch204. The L-shaped members are used in the preferred embodiment chieflyto reduce the number of different parts. The open end of the cable couldalternatively be secured by relatively straight members which have anengagement mechanism at one end, and a padlock hole at the other.

A latch mechanism as described herein may further be used to lock twocable couplings together. I.e., referring to FIG. 6, instead of systemunit 101, member 301 might be attached with screws 602 to another cablecoupling which mates with cable coupling 601. As noted above, L-shapedmembers are used in the preferred embodiment to provide clearance nearthe port of a system unit or other large device. Where such clearance isnot necessary, as in the case of two cable couplings, it may be possibleto use a pair of straight members having an engagement mechanism at oneend and holes for a padlock at the other.

In the preferred embodiment, two latches are used to disconnect and lockthe display monitor cable of an unattended workstation. However, eitheror both of the latches described herein may be used in differentapplications and environments. Latches as described herein may be usedfor preventing the disconnection of cable couplings (and possiblemalicious insertion of snooping devices) as well as for preventing theattachment of cable couplings to open ends of cables.

Various alternative designs of the latch mechanism are possible. In thepreferred embodiment, the L-shaped members engage each other at one endusing a projection-in-hole. However, any of various alternativeengagement mechanisms could be used. Example of alternative mechanismsinclude: a knob which is inserted into a slot; a set of bent fingerswhich engage one another; etc.

In the description herein, various references have been made to latchesand latching mechanisms which prevent unauthorized attachment ordetachment of data cables. As used herein and applied to the latchingmechanism, “prevent” means that an unauthorized attachment or detachmentof cables can not take place without some additional extraordinaryaction which defeats the latch. For example, the latch could bephysically broken; the padlock could be picked; the key to the padlockcould be stolen; etc. It is understood that in the realm of security,all prevention is relative, and there is no single device that canassure absolutely and for all time that unauthorized access will nottake place. The purpose of any security device is to enhance security byproviding an additional barrier to unauthorized access which theinterloper must circumvent, and which therefore increases the difficultyfor the interloper and/or the risk of detection and apprehension.

In the preferred embodiment described herein, a simple but effectivelatching mechanism using L-shaped members and padlocks is attached tocouplings of conventional data cables to prevent transmission of data toa monitor while a workstation is operated in unattended mode. Thelatching mechanism of the preferred embodiment has the advantages ofease of manufacture and installation, and does not require modificationto conventional cable and port hardware. However, any number ofalternative latching mechanisms could be used for locking out data tothe monitor when a workstation is operated in unattended mode. Forexample, a data cable could contain an integral lock and switchmechanism, in which a switch which disconnects one or more signal linesis operated with a keyed lock cylinder. Such a data cable would still belocked to the system unit at the system unit's display output port(preferably using latch 203 described herein), but would not requirephysical disconnection in the middle. This alternative might be easierto operate than that disclosed as the preferred embodiment, but wouldalso be more expensive. As an additional alternative example, the systemunit might contain an integral lock and switch mechanism operated by akeyed lock cylinder, for the display monitor output port.

In the preferred embodiment, the latch described herein is used as adata security mechanism. However, such a latch could additionally oralternatively serve the function of an anti-theft device, in which thedata cable itself might be used to physically tie down some componentwhich could otherwise be stolen. If some portion of the cable isattached to a building fixture or a heavy object, such as a desk, and adata cable coupling is attached to a component, such as a system unit ormonitor, using one of the latch devices described herein, theft of thecomponent becomes more difficult. Since, in the preferred embodiment,the open end of the cable contains a latch with a padlock, this padlockmight be conveniently inserted through any appropriately sized andavailable structure attached to a heavy or immovable object.Alternatively, the cable might pass through an opening in a desk orother furniture, and be attached to components (e.g., monitor and systemunit) at either end, the opening being too small for either component,so that it is impossible to remove either component or the component andcable assembly.

Although a specific embodiment of the invention has been disclosed alongwith certain alternatives, it will be recognized by those skilled in theart that additional variations in form and detail may be made within thescope of the following claims:

1. A method of operating a workstation containing a system unit housinga processor and a physically separate display monitor containing adisplay screen, said display monitor being coupled to said system unitwith a display monitor data cable, said method comprising the steps of:disconnecting said display monitor data cable; engaging a latchingmechanism to at least one of the set consisting of the system unit, thedisplay monitor, and the display monitor data cable, wherein saidlatching mechanism prevents re-connection of said display monitor datacable; and thereafter operating said workstation from a remote locationunder the control of a remote digital device at said remote locationusing a remote workstation control software application, said remoteworkstation control software application causing display screen outputtransmitted to a user at said remote digital device to be simultaneouslytransmitted to said display monitor, wherein said steps of disconnectingsaid display monitor data cable and engaging said latching mechanismprevent display of said display screen output on said display monitor.2. The method of operating a workstation of claim 1, wherein said stepof engaging a latching mechanism comprises the steps of: attaching afirst latch at a coupling of said display monitor data cable to saidsystem unit, said first latch preventing detachment of said displaymonitor data cable from said system unit at said coupling; and attachinga second latch at an open end of said display monitor data cable, saidsecond latch preventing attachment of a coupling to said open end ofsaid display monitor data cable.
 3. The method of operating aworkstation of claim 2, wherein said display monitor data cablecomprises first and second segments capable of being connected by acoupling, wherein said disconnecting step comprises disconnecting saidfirst segment from said second segment at said coupling, said firstlatch being attached at a coupling of said first segment to said systemunit, and said second latch being attached to said first segment at saidcoupling for connecting said first and second segments.
 4. The method ofoperating a workstation of claim 1, further comprising the steps of:disengaging at least a portion of said latching mechanism; re-connectingsaid display monitor data cable; and thereafter operating saidworkstation from the workstation location.
 5. A method of operating aworkstation containing a system unit housing a processor and aphysically separate display monitor containing a display screen, saiddisplay monitor being coupled to said system unit with a display monitordata cable, said method comprising the steps of: disconnecting saiddisplay monitor data cable; engaging a latching mechanism to at leastone of the set consisting of the system unit, the display monitor, andthe display monitor data cable, wherein said latching mechanism preventsre-connection of said display monitor data cable; thereafter operatingsaid workstation from a remote location under the control of a remotedigital device at said remote location using a remote workstationcontrol software application, said remote workstation control softwareapplication causing display screen output transmitted to a user at saidremote digital device to be simultaneously transmitted to said displaymonitor, wherein said steps of disconnecting said display monitor datacable and engaging said latching mechanism prevent display of saiddisplay screen output on said display monitor; disengaging at least aportion of said latching mechanism; re-connecting said display monitordata cable; and thereafter operating said workstation from theworkstation location; wherein a portion of said latching mechanismremains attached to said workstation while being operated from a remotelocation and while being operated from the workstation location.
 6. Amethod of operating a workstation containing a system unit housing aprocessor and an I/O port for communicating with a physically separatedisplay monitor via a display monitor data cable attachable to said I/Oport, said method comprising the steps of: engaging a physical latchingmechanism to at least one of the set consisting of the system unit andthe display monitor data cable, wherein said latching mechanism preventscommunication between said system unit and an external device via saidI/O port, wherein said step of engaging a latching mechanism comprisesthe steps of: (a) attaching a first latch at a coupling of said displaymonitor data cable to said system unit, said first latch preventingdetachment of said display monitor data cable from said system unit atsaid coupling; and (b) attaching a second latch at an open end of saiddisplay monitor data cable, said second latch preventing attachment of acoupling to said open end of said display monitor data cable; andthereafter operating said workstation from a remote location under thecontrol of a remote digital device at said remote location using aremote workstation control software application, said remote workstationcontrol software application causing display screen output transmittedto a user at said remote digital device to be simultaneously transmittedto said display monitor, wherein said step of engaging a physicallatching mechanism prevents display of said display screen output onsaid display monitor.
 7. The method of operating a workstation of claim6, wherein said I/O data cable comprises first and second segmentscapable of being connected by a coupling, wherein said step of engaginga latching mechanism comprises disconnecting said first segment fromsaid second segment at said coupling, said first latch being attached ata coupling of said first segment to said system unit, and said secondlatch being attached to said first segment at said coupling forconnecting said first and second segments.